Security Engineering - A Guide to Building Dependable Distributed Systems

This book gives a solid introduction to security engineering, its underlying technologies (crypto, access control, inference control, tamper resistance, seals) and its important applications in military, medical and financial fields.

Security Engineering - A Guide to Building Dependable Distributed Systems

This book gives a solid introduction to security engineering, its underlying technologies (crypto, access control, inference control, tamper resistance, seals) and its important applications in military, medical and financial fields.

Ross Anderson wrote:My goal in making the book freely available is twofold. First, I want to reach the widest possible audience, especially among poor students. Second, I am a pragmatic libertarian on free culture and free software issues; I think that many publishers (especially of music and software) are too defensive of copyright. I don't expect to lose money by making this book available for free: more people will read it, and those of you who find it useful will hopefully buy a copy. After all, a proper book is half the size and weight of 300-odd sheets of laser-printed paper in a ring binder.

Book Excerpts:

The purpose of this book is to give a solid introduction to security engineering, as we understand it at the beginning of the twenty-first century. The goal is that it works at four different levels:

As a textbook that readers can read from one end to the other over a few days as an introduction to the subject. The book is to be used mainly by the working IT professional who needs to learn about the subject, but it can also be used in a one-semester course in a university.

As a reference book to which readers can come for an overview of the workings of some particular type of system. These systems include taxi meters, military communications, medical record systems, cash machines, mobile phones, pay-TV, and so on.

As an introduction to the underlying technologies, such as crypto, access control, inference control, tamper resistance, and seals. Space prevents this book from going into great depth; but it provides a basic road map for each subject, plus a reading list for the curious (and a list of open research problems for the prospective graduate student).

As an original scientific contribution in which this book has tried to draw out the common principles that underlie security engineering, and the lessons that people building one kind of system should have learned from others. For example, a simple attack on stream ciphers wasn't known to the people who designed a common antiaircraft fire control radar so it was easy to jam; while a trick well known to the radar community wasn't understood by banknote printers and people who design copyright marking schemes, which led to a quite general attack on most digital watermarks.

:) "In more than 600 pages of intense information, Anderson lays the groundwork on how to build a secure and dependable system. Every aspect of information security is discussed in the book -- from passwords, access control, and attacks, to physical security and policy. Additionally, relevant and timely topics such as information warfare, privacy protection, access control, and more are discussed. This is the only book that covers the end-to-end spectrum of security design and engineering."

:) "Ross Anderson has a unique perspective to offer. He explains complex information, such as the inner working of cryptographic functions, with a clear and precise manner, while at the same time always relating the content to the real world. He possess a rare combination of expertise in theory and experience in practice."